Vmware Microsegmentation For Dummies 2nd Vmware Special Edition
by Himanshu Singh
These materials are © 2019 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
Modern and Secure Hybrid Cloud Platform For Dummies®,
VMware Special Edition
Published by
John Wiley & Sons, Inc.
111 River St.
Hoboken, NJ 07030-5774
www.wiley.com
Copyright © 2019 by John Wiley & Sons, Inc., Hoboken, New Jersey
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted
under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of
the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department,
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online
at http://www.wiley.com/go/permissions.
Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies.com, Making
Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons,
Inc. and/or its affiliates in the United States and other countries, and may not be used without written
permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not
associated with any product or vendor mentioned in this book.
For general information on our other products and services, or how to create a custom For Dummies book
for your business or organization, please contact our Business Development Department in the U.S. at
877-409-4177, contact info@dummies.biz, or visit www.wiley.com/go/custompub. For information about
licensing the For Dummies brand for products or services, contact BrandedRights&Licenses@Wiley.com.
Publisher’s Acknowledgments
Some of the people who helped bring this book to market include the following:
Development Editor: Rebecca Senninger
Editorial Manager: Rev Mengle
Business Development Representative: Karen Hattan
Production Editor: Siddique Shaik
Introduction
Why do you need a modern and secure hybrid cloud platform? Basically, because the world is changing before our eyes. Digital transformation is sweeping across all industries, and you need the right technology to capitalize on this wave and stay competitive.
Don’t let the small size fool you. This book is loaded with information that can help you understand and capitalize on virtualization technologies to build your modern and secure hybrid cloud platform. In plain and simple language, the book explains the inner workings of a next-generation platform, why you need it, and what capabilities to look for.
IN THIS CHAPTER
»» Highlighting data center security issues
Chapter 1
The Case for a New, More Secure Approach to the Data Center
To compete and succeed in the digital economy, all businesses require a modern data center built around a highly secure hybrid cloud platform. It’s the key to supporting a dynamic, digitally driven business that can ward off rapidly evolving security threats.
importance. To protect the business, IT teams need to protect
digital assets from ever-more-sophisticated security threats.
Those threats are rising in terms of number and severity, and they can be devastating to a business. Research from the University of Maryland’s Clark School reveals that a hacker strikes every 39 seconds and the cost of breaches is rising. According to the Ponemon Institute, the average financial loss from a cyberattack, now estimated at $3.6 million, is up 62 percent in the last five years, largely due to the number of days intrusions take to resolve. And for many companies, this number can be drastically higher, reaching hundreds of millions of dollars in losses stemming from decreased revenues, remediation costs, the impact of regulatory infractions, and a decline in customer trust.
Looking at the Path Forward
So, how do you get to where you need to be? The path forward begins with a comprehensive modern and secure hybrid cloud platform that increases IT agility and creates a seamless foundation for the management of private and public cloud services alongside traditional data center infrastructure.
IN THIS CHAPTER
»» Building security into your IT environment
Chapter 2
Modernizing and Securing the Hybrid Cloud Environment
In this chapter, you start with the basics. A software-defined data center (SDDC) model changes the ground rules for IT operations by virtualizing compute, networking, and storage, with integrated management. Organizations that implement an SDDC model create a digital foundation that provides the ultimate flexibility in how and where workloads run — which is one of the keys to accelerating digital transformation.
»» Deliver a universal application platform.
»» Enable a seamless hybrid cloud experience.
Providing Comprehensive Built-In Security
In a time when security threats are increasing and attacks are coming from all directions, security has emerged as a top IT and business priority. Security must now be enabled at the foundation of the IT architecture and across the entire environment, not just in one component or layer. IT professionals need to comprehensively secure applications, data, infrastructure, and access. This security needs to be easy to operationalize in a seamless and transparent manner.
»» Defend applications in virtualized environments by watching
for and responding to changes to the state of the application
that indicate threats.
diversity of applications, workloads, and use cases puts additional demands on IT infrastructure. To meet these demands, infrastructure must evolve — now, not years from now.
IN THIS CHAPTER
»» Securing applications
»» Securing infrastructure
»» Securing data
»» Securing access
Chapter 3
Essential Capabilities for Next-Gen Security
A next-gen data center virtualization and security platform incorporates advanced capabilities for securing applications, infrastructure, data, and access. In a VMware environment, these capabilities are delivered via the vSphere Platinum platform.
While being operationally simple, vSphere Platinum helps your organization ensure that your applications and virtual machines are running in their known-good states, with minimal overhead and performance impact.
The rest of this chapter takes a closer look at how vSphere Platinum helps your team secure applications, infrastructure, data, and access.
AppDefense locks down the guest operating system for all applications, the VMware application stack, and third-party applications. It gathers inventory data on VMs and applications from the VMware centralized management application, development tools, and automation frameworks. Machine learning algorithms are applied to discover the intended state, establish the known-good behaviors for the application and VM, detect anomalies, and prevent further deviation. These capabilities help you ensure the integrity of your applications, infrastructure, and guest OS.
processes while machine learning simplifies and automates
auditing and application reviews.
Security (VBS) for enterprises running Windows 10 and Windows Server 2016 security features, such as Windows Defender Credential Guard, on vSphere.
machine learning in vSphere Platinum increase the accuracy of threat detection while big data correlation improves identification and context in a cloud SaaS model. Your security, compliance, and application teams working in conjunction with your vSphere administrators using vSphere Platinum deliver greater protection while increasing business agility.
IN THIS CHAPTER
»» Highlighting benefits for IT administrators
Chapter 4
Realizing the Benefits of a Modern and Secure Hybrid Cloud Platform
A comprehensive approach to managing and securing applications, data, infrastructure, and access helps your IT and security teams conquer today’s complex challenges across your hybrid cloud, including new and emerging security threats.
applications behave — and know when they aren’t acting right.
When application issues arise, the platform alerts your admins to
potential issues and deviations.
To dig a little deeper, this modern and secure hybrid cloud platform enhances security across your data centers. With the capabilities I cover in Chapter 3, vSphere Platinum shrinks potential attack surfaces and reduces the risk of security compromise. For example, this full-featured cloud platform embeds threat detection and response capabilities into the virtualization layer, while using machine learning to ensure that virtual machines and applications are running in a known-good state.
Okay, now you can make life ever easier for your IT team. vSphere
Platinum enables better visibility and protection with a simple,
lightweight, and scalable security solution — with no agents to
manage and with minimal overhead and performance impact. If
you’re a vSphere shop, you can now use a common virtualization
platform that you already own, understand, and run in your data
center, and upgrade to vSphere Platinum to gain all the benefits of
unique visibility, automation, and isolation qualities.
When you put it all together, you’ve created a new playing field.
Your IT administrators can now play a larger and more critical
role in the security of your entire IT environment — and become
security heroes!
Benefits for Security Teams
While changing the ground rules for managing your hybrid IT environment, a modern and secure hybrid cloud platform simultaneously delivers an uncommon set of benefits for your security teams.
Benefits for Everyone
As a next-gen hybrid cloud platform, vSphere Platinum fosters unprecedented collaboration among IT administrators and security, compliance, and application teams. IT admin teams see issues from an infrastructure perspective, security teams see issues from an app perspective, and everyone has a single view of the truth.
This unified view helps shrink the attack surface and reduce
the risk of security compromise while providing visibility into
the intent of VMs. It enables a detailed inventory of apps while
increasing everyone’s understanding of application behaviors and
providing alerts about potential issues and deviations.
IN THIS CHAPTER
»» Virtualizing storage and networking
Chapter 5
The Fundamentals of the Modern Data Center
A comprehensive modern and secure hybrid cloud platform builds on the fundamental capabilities of the modern data center. These include storage virtualization, network virtualization, cloud management, and support for hybrid cloud environments. These are all foundational capabilities for a software-defined data center (SDDC).
Virtualizing Storage
Software-defined storage (SDS) is one of the key building blocks for hyper-converged infrastructure (HCI) and the SDDC. Software-defined storage abstracts physical storage constructs to enable flexible and precise consumption according to application requirements. This capability is made possible by the hypervisor, which acts as a broker that balances the needs of a virtual machine and the applications it runs.
scale-out capabilities. In HCI, all key data center functions run
as software on the hypervisor in a tightly integrated software
layer.
Virtualizing Networking
In this section, I dive into the concept of network virtualization —
how it works, how it differs from other approaches to the
network, and why the time is right for this new approach.
Here’s how it works:
amount of errors. For your developers, the CMP supports multiple sandbox models for requesting services. This gives them the freedom to use the tools of their choice, increasing their productivity.
VMware Cloud on AWS brings the broad, diverse, and rich innovations of AWS services natively to the enterprise applications running on VMware compute, storage, and network virtualization platforms. This allows your organization to easily and rapidly add new innovations to your enterprise applications by natively integrating AWS infrastructure and platform capabilities.
With VMware Cloud on AWS, you can simplify your hybrid
cloud operations by using the same VMware Cloud Foundation
technologies — for example, vSphere (including vCenter Server),
vSAN, and NSX — across your on-premises data centers and on
the AWS Cloud. There’s no need to purchase any new or custom
hardware, rewrite applications, or modify your operating models.
Now that you’ve spent a good deal of time understanding the need for and benefits of modernizing and securing your entire IT environment, I want to make sure I also cover some basics when it comes to adopting virtualization in the first place, and setting up your core environment.
IN THIS CHAPTER
»» Getting started with your modern virtualization and cloud platform
Chapter 6
Next-Gen Virtualization Preflight
When a virtual environment is firing on all cylinders, it drives down costs and minimizes downtime while increasing productivity. Unfortunately, many businesses undercut those gains before deployment by incurring costs and causing downtime in the earliest stages of the shift from physical to virtual.
This is a case where a little planning goes a long way. This chapter discusses some things to consider before you begin your migration. Know what to expect and you can plan accordingly.
Assembling your team
Before you move your physical server workloads into virtual
machines, enlist a cross-discipline team that includes IT admins,
application owners, finance personnel, and other stakeholders.
It’s important to have a range of perspectives to make sure your
virtualization strategy aligns with business priorities. As you
move forward, this team will also help you demonstrate how cost
savings and improved service levels in the data center affect the
rest of the organization.
Assemble a detailed plan that outlines the full scope of the project and its phases. Work with your finance team members to determine total cost of ownership (TCO) and your projected return on investment (ROI). If you need new hardware such as servers, storage arrays, or networking gear, put it in the budget.
Before you roll out the new virtual environment, allow time to
test it thoroughly. Record baseline performance on your current
servers and applications. It’s important to have this data before
migration begins so you can benchmark VM performance gains
against native performance levels. This helps justify the project
for management buy-in.
Using traditional versus virtual storage
Shared storage improves availability and allows hypervisors to leverage capabilities (such as VMware vMotion) to migrate running VMs across hosts for zero-downtime maintenance. Today, there are multiple options for shared storage:
»» Calculate your storage needs, in both raw capacity and IOPS,
on current and future workloads. What’s the best way to
meet those needs? Do you need the array-based replication
or extreme amounts of capacity that a traditional storage
array can provide? Or could your needs be met by a more
cost-effective vSAN solution that allows you to scale storage
capacity and performance as you add physical host servers?
»» Take advantage of the storage efficiencies of virtualization.
For example, on a traditional physical server, adding or
reconfiguring disk drives is difficult, time consuming,
constrained by available drive bays, and can sometimes
result in downtime or data loss. In a virtual environment,
physical storage devices are abstracted — separated — from
the virtual machine, so storage capacity can be added
without affecting the VM in any way. Virtual disks, by the
same token, can be easily expanded without requiring
complex reconfiguration of physical storage devices.
»» Choose thin or thick provisioning of virtual disks for individual VMs. Thick provisioning allocates all the space for a virtual disk the moment you create it; thin provisioning allocates space as necessary throughout the virtual disk’s life. If you have a dedicated storage solution from a third party, thin provisioning may be available at the array hardware level as well.
»» As you set up policies and provisioning, keep in mind the challenge of managing sensitive data from different applications. Do the rules allow that data to reside with the data from other applications at the compute, networking, and storage layers?
»» Make sure you have a working management network with
all management interfaces of physical hosts, switches, and
other data center infrastructure in the environment. Isolated
management networks provide higher security while
preventing VM traffic from interfering with management
traffic.
»» You need to balance VM protection with performance by
scheduling security scans and other checks for off hours.
»» Define affinity rules for your VMs. For example, you can
define host affinity rules to keep VMs together, so a web
server VM and its associated app and database VM are kept
on the same physical server for high-speed virtual network
connectivity. You can also define anti-affinity rules. For
example, you can keep multiple database servers on
separate hosts so if a physical host fails, other database VMs
will keep running.
»» Determine whether your applications must reside on specific
hardware for compliance or process reasons.
»» Make sure you determine the recovery time objective (RTO)
and recovery point objective (RPO) for each workload. That
way, when you’re creating your business continuity and
disaster recovery plans, your backup and recovery policies
are aligned with your business priorities.
As the saying goes, those who ignore history are doomed to repeat it. By monitoring performance issues, resource shortfalls, and other historical data on your VMs, you can anticipate future spikes in memory and CPU usage, and plan accordingly so critical applications do not hit capacity limits. The tools of a modern virtualization platform make it easy to monitor and analyze workloads and diagnose problems, so you can keep your business-critical applications and VMs operating at peak performance.
specific business needs helps simplify IT tasks, so IT staff is
better equipped to manage more systems, lowering
administrator overhead and freeing up staff for innovation
elsewhere.
»» Create policies for efficient resource management. Use
vRealize Operations to assign policies to certain groups of
resources, geographic locations, or business units to
customize alerts and capacity management settings. Take
advantage of the out-of-the-box policies that will meet most
of your business needs (for example, production or test
environments, batch or interactive workloads) or create your
own personalized policies.
»» Identify the needs of workgroups to configure capacity
settings. Every workgroup has different needs at different
times. A production team working on a product launch might
need to be over-provisioned for a few months with extra
CPU and storage. A development and test environment
might be fine with high-density, over-committed VMs and
resources. With accurate capacity analysis, you can account
for varying business needs and tap your massive pool of
resources so every workgroup has what it needs.
»» Choose how you want to be alerted. Smart alerts let you choose how you want to be notified by your management platform when a problem is developing. vRealize Operations learns typical behavior in your environment, so it provides fewer, more meaningful alerts that let you know when there really is a problem — for example, when a dynamic threshold is exceeded or an anomaly is detected. Similar to capacity settings, alerts are configured based on policies that you define. Alerts also provide actionable recommendations so you can find and fix problems fast, before they cause downtime.
»» Set up email notifications for administrative alerts. To
monitor data center health and capacity from anywhere,
configure an optional SMTP server to activate email service
for notification messages when problems occur. You can set
email notifications for all types of alerts, so you can address
problems as they happen in real time, minimizing downtime.
For administrators, it’s especially important to set up email
notifications for administrative alerts to ensure vRealize
Operations is always running properly.
»» Schedule reports to help address bottlenecks before they occur. Use reports in vRealize Operations to monitor capacity and performance in the vSphere environment and to help avoid bottlenecks. It’s a good idea to schedule reports for regular intervals — weekly, monthly, quarterly, whatever makes sense for your business. You can also pull reports on demand for a real-time snapshot of the IT environment, and use historical reports to track growth patterns and anticipate future capacity needs. Detailed reporting is one of the most underappreciated aspects of a virtual environment, and one of the best tools to continuously improve performance and efficiency.
»» Unify your view of the virtual environment. Use the dashboard to quickly recognize areas that need attention and look deeper into individual components of the environment when necessary. The consolidated dashboard helps you ensure that resources are being used efficiently and that all systems are performing and available, all from a single view that allows you to spend less time monitoring and more time optimizing. With this dashboard, you get a holistic view and deep insights into the status of infrastructure and applications to help ensure quality of service and early detection of performance, capacity, and configuration issues.
IN THIS CHAPTER
»» Highlighting tips, techniques, and insights
Chapter 7
Ten Best Practices for Securing Your Hybrid Cloud Environment
Best practices for a modern hybrid IT environment build on a robust virtualization and security platform. Given the rising importance of security in today’s hybrid environments, these best practices begin with the implementation of five core principles of cyber hygiene, which equate to the first five best practices listed in this chapter. These principles are among the most important and basic steps that any organization should take to build security into the data center.
The last five best practices give you a broader look at securing
your hybrid cloud.
Establish a Least-Privilege Guideline
The least-privilege principle is pretty simple: Users should be allowed only the minimum necessary access needed to perform their jobs, and nothing more. The same holds true for system components. They should be allowed only the minimum necessary functions needed to perform their purposes, and nothing more.
Implement Micro-Segmentation
Your hybrid IT environment should be divided into small parts to make it more manageable in terms of security. This micro-segmentation is one of the keys to protecting applications and systems and containing the damage if any one part gets compromised. Micro-segmentation protects your overall IT environment by breaking it up into these smaller parts. It’s similar to the use of compartments on a ship. It makes the ship easier to protect. If the ship is damaged in one area, the damage is contained to that area.
Make Patching a Priority
While this principle of cyber hygiene may sound like something
out of a Systems Management 101 textbook, it’s worth repeating
because of its importance: All systems should be kept up to date
with the latest patches and consistently maintained. Any critical
or non-critical system that is out of date is a meaningful security
risk.
Focus on Protecting Critical Individual Applications
Focusing on critical individual applications puts the focus where it should be: on the crown jewels — your mission-critical business applications and the data within them. I’m talking about applications like:
Automate Network and Security Provisioning
Automation is one of the keys to maintaining a secure, modern data center. Automate network and security provisioning so that as new compute resources are created, they’re secured by default. When using policy-based security automation and micro-segmentation, your IT team can help prevent intrusion and secure network traffic inside your enterprise, such that malware cannot move laterally.
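The containment idea behind micro-segmentation and secured-by-default provisioning, as an added example that is not from the book and does not use any VMware or NSX API: a tag-based allow-list with default deny, plus a function that computes how far an intruder could move from one compromised workload. All workload names, tags, ports, and rules are constructed for illustration.

```python
"""Added illustration: tag-based micro-segmentation with default deny.
Generic model only, no vendor API. Names, tags and ports are constructed."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    tags: frozenset  # labels attached at provisioning time, e.g. "app:payroll"


@dataclass(frozen=True)
class Rule:
    src: frozenset  # tags the source workload must carry
    dst: frozenset  # tags the destination workload must carry
    port: int


class SegmentPolicy:
    """Allow-list keyed on tags. A flow that matches no rule is denied."""

    def __init__(self, rules):
        self.rules = tuple(rules)

    def allows(self, src, dst, port):
        """True only if some rule covers this exact source, destination and port."""
        return any(r.src <= src.tags and r.dst <= dst.tags and r.port == port
                   for r in self.rules)

    def permits_any(self, src, dst):
        """True if src may open at least one port on dst."""
        return any(r.src <= src.tags and r.dst <= dst.tags for r in self.rules)


def blast_radius(start, inventory, policy):
    """Names of workloads reachable from `start` by chaining permitted flows.

    policy=None models a flat network where every workload can talk to every
    other one. The result is an upper bound: it assumes every hop falls.
    """
    seen = {start.name}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for other in inventory:
            if other.name in seen:
                continue
            if policy is None or policy.permits_any(current, other):
                seen.add(other.name)
                queue.append(other)
    seen.discard(start.name)
    return seen


def wl(name, *tags):
    """Helper to build a workload from a name and its tags."""
    return Workload(name, frozenset(tags))


# Constructed inventory: a three-tier payroll app and a two-tier wiki.
INVENTORY = [
    wl("pay-web-1", "app:payroll", "tier:web"),
    wl("pay-app-1", "app:payroll", "tier:app"),
    wl("pay-db-1", "app:payroll", "tier:db"),
    wl("wiki-web-1", "app:wiki", "tier:web"),
    wl("wiki-db-1", "app:wiki", "tier:db"),
]
BY_NAME = {w.name: w for w in INVENTORY}

# Only the flows each application needs; everything else is denied.
POLICY = SegmentPolicy([
    Rule(frozenset({"app:payroll", "tier:web"}),
         frozenset({"app:payroll", "tier:app"}), 8443),
    Rule(frozenset({"app:payroll", "tier:app"}),
         frozenset({"app:payroll", "tier:db"}), 5432),
    Rule(frozenset({"app:wiki", "tier:web"}),
         frozenset({"app:wiki", "tier:db"}), 3306),
])

if __name__ == "__main__":
    foothold = BY_NAME["wiki-web-1"]
    print("flat network:", sorted(blast_radius(foothold, INVENTORY, None)))
    print("segmented   :", sorted(blast_radius(foothold, INVENTORY, POLICY)))
    # A workload provisioned with the right tags inherits its segment's rules;
    # one provisioned with no tags matches nothing and is isolated by default.
    new_web = wl("pay-web-2", "app:payroll", "tier:web")
    print("new web -> app:8443:", POLICY.allows(new_web, BY_NAME["pay-app-1"], 8443))
    print("new web -> db:5432 :", POLICY.allows(new_web, BY_NAME["pay-db-1"], 5432))
    print("untagged VM reach  :", blast_radius(wl("scratch-vm"), INVENTORY, POLICY))
```

Because the rules match on tags rather than addresses, the policy follows a workload wherever it is provisioned, which is what makes the default-deny posture automatic rather than a manual firewall change.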
Only IT teams deploying NSX with vSphere Platinum (and
built-in AppDefense) gain this level of visibility and control
because of the technologies’ integration into the hypervisor and
other native control points within deployed applications.
This isn’t just about IT. When you take all the steps outlined here, you’re helping your business compete and succeed in the digital economy. In this new era, the foundation for business success is a modern IT environment built around a highly secure hybrid cloud platform. That’s what it takes to support a dynamic, digitally driven business that can ward off rapidly evolving security threats.
IN THIS APPENDIX
»» Highlighting resources
Appendix
Resources
Ready for a deeper dive into the concepts and technologies embodied in a modern and secure cloud platform? Immerse yourself in these recommendations for resources that will enrich your understanding of the concepts, technologies, and tools for taking IT to a new level.
vSphere Use Cases: Check out the core use cases supported by
vSphere:
vSphere YouTube Channel: Get a close-up look at the latest from vSphere, and listen to testimonials from customers: http://vmw.re/vsphereonyoutube.
vSphere Blog: Get fresh insights into the latest with the platform, its capabilities, and its ongoing enhancements from people who work with the software every day: https://blogs.vmware.com/vsphere.
vSphere Platinum Solution Brief: Learn more about how to secure applications, infrastructure, data, and access with the capabilities of VMware vSphere Platinum: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vsphere/vmw-vsphere-platinum-solution-brief.pdf.
About the Author
Himanshu Singh is Group Manager of Product Marketing for VMware’s Cloud Platform business, and runs the core product marketing team for VMware vSphere. His extensive past experience in the technology industry includes driving cloud management solutions at VMware, growing the public cloud business at Microsoft Azure, as well as delivering and managing private clouds at IBM. He holds a B.Eng. (Hons.) degree from Nanyang Technological University, Singapore, and an MBA from Tuck School of Business at Dartmouth College. Follow him on Twitter at @himanshuks.
Author’s Acknowledgments
The author extends his thanks to the subject matter experts on the VMware Cloud Platform team for their help in pulling together and reviewing the content in this book. The author also sends thanks to the writers and editors at the Wire Stone agency and John Wiley & Sons, Inc., for their assistance with the development and refinement of the content. In addition, this book leverages content from the earlier VMware-sponsored Virtualization 2.0 For Dummies, Hyper-Converged Infrastructure For Dummies, and Network Virtualization For Dummies, as well as several of the assets listed in the appendix.
WILEY END USER LICENSE AGREEMENT
Go to www.wiley.com/go/eula to access Wiley’s ebook EULA.